CVE-2006-1907

2006-04-20T14:06:00

ID: CVE-2006-1907
Type: cve
Reporter: NVD
Modified: 2017-07-19T21:31:00

Description

Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the event_id parameter to (1) addevent.php or (2) del.php, or via (3) the event_desc parameter to addevent.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third-party information.

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement. If you are an owner of some content and want it to be removed, please mail to content@vulners.com. Vulners, 2017

Related records

OSVDB:24720 (type: osvdb): myEvent addevent.php Multiple Variable SQL Injection

Vulnerability Description
myEvent contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the addevent.php script not properly sanitizing user-supplied input to the 'event_id' and 'event_desc' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Technical Description
This vulnerability is only present when the magic_quotes_gpc PHP option is 'off' and the register_globals PHP option is 'on'.

Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:
Vendor URL: http://mywebland.com/
[Secunia Advisory ID: 19680](https://secuniaresearch.flexerasoftware.com/advisories/19680/)
[Related OSVDB ID: 24719](https://vulners.com/osvdb/OSVDB:24719)
[Related OSVDB ID: 24721](https://vulners.com/osvdb/OSVDB:24721)
[Related OSVDB ID: 24724](https://vulners.com/osvdb/OSVDB:24724)
[Related OSVDB ID: 24722](https://vulners.com/osvdb/OSVDB:24722)
[Nessus Plugin ID: 21246](https://vulners.com/search?query=pluginID:21246)
ISS X-Force ID: 25886
FrSIRT Advisory: ADV-2006-1384
[CVE-2006-1907](https://vulners.com/cve/CVE-2006-1907)
Bugtraq ID: 17580

Published: 2006-04-18T05:17:38
CVSS: 7.5 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/)
Href: https://vulners.com/osvdb/OSVDB:24720
CVE list: CVE-2006-1907
Last seen: 2017-04-28T13:20:21

OSVDB:24721 (type: osvdb): myEvent del.php event_id Variable SQL Injection

Vulnerability Description
myEvent contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the del.php script not properly sanitizing user-supplied input to the 'event_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Technical Description
This vulnerability is only present when the magic_quotes_gpc PHP option is 'off' and the register_globals PHP option is 'on'.

Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:
Vendor URL: http://mywebland.com/
[Secunia Advisory ID: 19680](https://secuniaresearch.flexerasoftware.com/advisories/19680/)
[Related OSVDB ID: 24719](https://vulners.com/osvdb/OSVDB:24719)
[Related OSVDB ID: 24724](https://vulners.com/osvdb/OSVDB:24724)
[Related OSVDB ID: 24720](https://vulners.com/osvdb/OSVDB:24720)
[Related OSVDB ID: 24722](https://vulners.com/osvdb/OSVDB:24722)
[Nessus Plugin ID: 21246](https://vulners.com/search?query=pluginID:21246)
ISS X-Force ID: 25886
FrSIRT Advisory: ADV-2006-1384
[CVE-2006-1907](https://vulners.com/cve/CVE-2006-1907)
Bugtraq ID: 17580

Published: 2006-04-18T05:17:38
CVSS: 7.5 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/)
Href: https://vulners.com/osvdb/OSVDB:24721
CVE list: CVE-2006-1907
Last seen: 2017-04-28T13:20:21

MYEVENT_MULTIPLE_FLAWS.NASL (type: nessus): myEvent Multiple Remote Vulnerabilities

Description
The remote host is running myEvent, a calendar application written in PHP.

The installed version of myEvent fails to sanitize user input to the 'myevent_path' parameter in several scripts before using it to include PHP code from other files. An unauthenticated attacker may be able to read arbitrary local files or include a file from a remote host that contains commands which will be executed on the remote host subject to the privileges of the web server process.

In addition, user input to the 'event_id' parameter in 'addevent.php' and 'del.php', and to the 'event_desc' parameter in 'addevent.php', is not properly sanitized before being used in a SQL query, which could allow an attacker to insert arbitrary SQL statements in the remote database. A similar lack of sanitization involving the 'event_desc' parameter of 'addevent.php' allows for cross-site scripting attacks against the affected application.

These flaws are exploitable only if PHP's register_globals is enabled.

Published: 2006-04-21T00:00:00
CVSS: 7.5 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/)
Href: https://www.tenable.com/plugins/index.php?view=single&id=21246
CVE list: CVE-2006-1890, CVE-2006-1908, CVE-2006-1907
Last seen: 2016-09-26T17:24:04

OPENVAS:136141256231080074 (type: openvas): Multiple Remote Vulnerabilities in myEvent

Description
The remote web server contains a PHP application that is affected by multiple vulnerabilities.

The remote host is running myEvent, a calendar application written in PHP.

The installed version of myEvent fails to sanitize user input to the 'myevent_path' parameter in several scripts before using it to include PHP code from other files. An unauthenticated attacker may be able to read arbitrary local files or include a file from a remote host that contains commands which will be executed on the remote host subject to the privileges of the web server process.

In addition, user input to the 'event_id' parameter in 'addevent.php' and 'del.php', and to the 'event_desc' parameter in 'addevent.php', is not properly sanitised before being used in a SQL query, which may allow an attacker to insert arbitrary SQL statements in the remote database. A similar lack of sanitisation involving the 'event_desc' parameter of 'addevent.php' allows for cross-site scripting attacks against the affected application.

These flaws are exploitable only if PHP's register_globals is enabled.

Published: 2008-10-24T00:00:00
CVSS: 7.5 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/)
Href: http://plugins.openvas.org/nasl.php?oid=136141256231080074
CVE list: CVE-2006-1890, CVE-2006-1908, CVE-2006-1907
Last seen: 2017-07-02T21:10:09